The authentication flow is initialized with a password/check that supplies username and an incorrect password.
HTTP Request - /public/authentication/password/check/
POST https://iam-host.com/auth/rest/public/authentication/password/check
{
"username": "john.doe@ergon.ch",
"password": "incorrect_password"
}The response is a HTTP 400 Bad Request with a code "USERNAME_PASSWORD_WRONG" to indicate the reason of the failure.
Since this call returned an error, a "temporaryLockExpiry" is returned as well.
HTTP Response - /public/authentication/password/check/
400 Bad Request
{
"meta": {
"type": "jsonapi.metadata.document",
"timestamp": "2018-12-04T09:48:25.112Z",
"temporaryLockExpiry": "2018-12-04T09:48:28.104Z",
"nextAuthStep": "PASSWORD_REQUIRED"
},
"errors": [
{
"id": "5112:9070",
"status": 400,
"code": "USERNAME_PASSWORD_WRONG"
}
]
}